generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Move signing digest out of CERT.

Browse Source 
Reviewed-by: Rich Salz <rsalz@openssl.org>
This commit is contained in:
Dr. Stephen Henson 2015-05-12 18:56:39 +01:00
parent 76106e60a8
commit d376e57d68
6 changed files with 45 additions and 49 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ssl/s3_clnt.c
View File

@ -2163,7 +2163,7 @@ int ssl3_get_certificate_request(SSL *s)
} }
/* Clear certificate digests and validity flags */ /* Clear certificate digests and validity flags */
for (i = 0; i < SSL_PKEY_NUM; i++) { for (i = 0; i < SSL_PKEY_NUM; i++) {
s->cert->pkeys[i].digest = NULL; s->s3->tmp.md[i] = NULL;
s->cert->pkeys[i].valid_flags = 0; s->cert->pkeys[i].valid_flags = 0;
} }
if ((llen & 1) || !tls1_save_sigalgs(s, p, llen)) { if ((llen & 1) || !tls1_save_sigalgs(s, p, llen)) {
@ -3081,7 +3081,7 @@ int ssl3_send_client_verify(SSL *s)
if (SSL_USE_SIGALGS(s)) { if (SSL_USE_SIGALGS(s)) {
long hdatalen = 0; long hdatalen = 0;
void *hdata; void *hdata;
const EVP_MD *md = s->cert->key->digest; const EVP_MD *md = s->s3->tmp.md[s->cert->key - s->cert->pkeys];
hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata); hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata);
if (hdatalen <= 0 || !tls12_get_sigandhash(p, pkey, md)) { if (hdatalen <= 0 || !tls12_get_sigandhash(p, pkey, md)) {
SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_INTERNAL_ERROR);
@ -3197,7 +3197,7 @@ static int ssl3_check_client_certificate(SSL *s)
if (!s->cert || !s->cert->key->x509 || !s->cert->key->privatekey) if (!s->cert || !s->cert->key->x509 || !s->cert->key->privatekey)
return 0; return 0;
/* If no suitable signature algorithm can't use certificate */ /* If no suitable signature algorithm can't use certificate */
if (SSL_USE_SIGALGS(s) && !s->cert->key->digest) if (SSL_USE_SIGALGS(s) && !s->s3->tmp.md[s->cert->key - s->cert->pkeys])
return 0; return 0;
/* /*
* If strict mode check suitability of chain before using it. This also * If strict mode check suitability of chain before using it. This also

2
ssl/s3_lib.c
View File

@ -3326,7 +3326,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
if (SSL_USE_SIGALGS(s)) { if (SSL_USE_SIGALGS(s)) {
if (s->session && s->session->sess_cert) { if (s->session && s->session->sess_cert) {
const EVP_MD *sig; const EVP_MD *sig;
sig = s->session->sess_cert->peer_key->digest; sig = s->s3->tmp.peer_md;
if (sig) { if (sig) {
*(int *)parg = EVP_MD_type(sig); *(int *)parg = EVP_MD_type(sig);
return 1; return 1;

21
ssl/ssl_cert.c
View File

@ -165,21 +165,6 @@ int SSL_get_ex_data_X509_STORE_CTX_idx(void)
return ssl_x509_store_ctx_idx; return ssl_x509_store_ctx_idx;
} }
void ssl_cert_set_default_md(CERT *cert)
{
/* Set digest values to defaults */
#ifndef OPENSSL_NO_DSA
cert->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_sha1();
#endif
#ifndef OPENSSL_NO_RSA
cert->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1();
cert->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1();
#endif
#ifndef OPENSSL_NO_EC
cert->pkeys[SSL_PKEY_ECC].digest = EVP_sha1();
#endif
}
CERT *ssl_cert_new(void) CERT *ssl_cert_new(void)
{ {
CERT *ret = OPENSSL_malloc(sizeof(*ret)); CERT *ret = OPENSSL_malloc(sizeof(*ret));
@ -192,7 +177,6 @@ CERT *ssl_cert_new(void)
ret->key = &(ret->pkeys[SSL_PKEY_RSA_ENC]); ret->key = &(ret->pkeys[SSL_PKEY_RSA_ENC]);
ret->references = 1; ret->references = 1;
ssl_cert_set_default_md(ret);
ret->sec_cb = ssl_security_default_callback; ret->sec_cb = ssl_security_default_callback;
ret->sec_level = OPENSSL_TLS_SECURITY_LEVEL; ret->sec_level = OPENSSL_TLS_SECURITY_LEVEL;
ret->sec_ex = NULL; ret->sec_ex = NULL;
@ -306,11 +290,6 @@ CERT *ssl_cert_dup(CERT *cert)
} }
ret->references = 1; ret->references = 1;
/*
* Set digests to defaults. NB: we don't copy existing values as they
* will be set during handshake.
*/
ssl_cert_set_default_md(ret);
/* Configured sigalgs copied across */ /* Configured sigalgs copied across */
if (cert->conf_sigalgs) { if (cert->conf_sigalgs) {
ret->conf_sigalgs = OPENSSL_malloc(cert->conf_sigalgslen); ret->conf_sigalgs = OPENSSL_malloc(cert->conf_sigalgslen);

2
ssl/ssl_lib.c
View File

@ -2269,7 +2269,7 @@ EVP_PKEY *ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *cipher,
return (NULL); return (NULL);
} }
if (pmd) if (pmd)
*pmd = c->pkeys[idx].digest; *pmd = s->s3->tmp.md[idx];
return c->pkeys[idx].privatekey; return c->pkeys[idx].privatekey;
} }

7
ssl/ssl_locl.h
View File

@ -1291,6 +1291,10 @@ typedef struct ssl3_state_st {
unsigned char *peer_sigalgs; unsigned char *peer_sigalgs;
/* Size of above array */ /* Size of above array */
size_t peer_sigalgslen; size_t peer_sigalgslen;
/* Digest peer uses for signing */
const EVP_MD *peer_md;
/* Array of digests used for signing */
const EVP_MD *md[SSL_PKEY_NUM];
} tmp; } tmp;
/* Connection binding to prevent renegotiation attacks */ /* Connection binding to prevent renegotiation attacks */
@ -1439,8 +1443,6 @@ typedef struct dtls1_state_st {
typedef struct cert_pkey_st { typedef struct cert_pkey_st {
X509 *x509; X509 *x509;
EVP_PKEY *privatekey; EVP_PKEY *privatekey;
/* Digest to use when signing */
const EVP_MD *digest;
/* Chain for this certificate */ /* Chain for this certificate */
STACK_OF(X509) *chain; STACK_OF(X509) *chain;
# ifndef OPENSSL_NO_TLSEXT # ifndef OPENSSL_NO_TLSEXT
@ -1870,7 +1872,6 @@ void ssl_clear_cipher_ctx(SSL *s);
int ssl_clear_bad_session(SSL *s); int ssl_clear_bad_session(SSL *s);
__owur CERT *ssl_cert_new(void); __owur CERT *ssl_cert_new(void);
__owur CERT *ssl_cert_dup(CERT *cert); __owur CERT *ssl_cert_dup(CERT *cert);
void ssl_cert_set_default_md(CERT *cert);
void ssl_cert_clear_certs(CERT *c); void ssl_cert_clear_certs(CERT *c);
void ssl_cert_free(CERT *c); void ssl_cert_free(CERT *c);
__owur SESS_CERT *ssl_sess_cert_new(void); __owur SESS_CERT *ssl_sess_cert_new(void);

56
ssl/t1_lib.c
View File

@ -795,9 +795,9 @@ static int tls1_check_cert_param(SSL *s, X509 *x, int set_ee_md)
return 0; return 0;
if (set_ee_md == 2) { if (set_ee_md == 2) {
if (check_md == NID_ecdsa_with_SHA256) if (check_md == NID_ecdsa_with_SHA256)
c->pkeys[SSL_PKEY_ECC].digest = EVP_sha256(); s->s3->tmp.md[SSL_PKEY_ECC] = EVP_sha256();
else else
c->pkeys[SSL_PKEY_ECC].digest = EVP_sha384(); s->s3->tmp.md[SSL_PKEY_ECC] = EVP_sha384();
} }
} }
return rv; return rv;
@ -1036,8 +1036,7 @@ int tls12_check_peer_sigalg(const EVP_MD **pmd, SSL *s,
/* /*
* Store the digest used so applications can retrieve it if they wish. * Store the digest used so applications can retrieve it if they wish.
*/ */
if (s->session && s->session->sess_cert) s->s3->tmp.peer_md = *pmd;
s->session->sess_cert->peer_key->digest = *pmd;
return 1; return 1;
} }
@ -2668,6 +2667,21 @@ static int ssl_check_clienthello_tlsext_early(SSL *s)
return 1; return 1;
} }
} }
/* Initialise digests to default values */
static void ssl_set_default_md(SSL *s)
{
const EVP_MD **pmd = s->s3->tmp.md;
#ifndef OPENSSL_NO_DSA
pmd[SSL_PKEY_DSA_SIGN] = EVP_sha1();
#endif
#ifndef OPENSSL_NO_RSA
pmd[SSL_PKEY_RSA_SIGN] = EVP_sha1();
pmd[SSL_PKEY_RSA_ENC] = EVP_sha1();
#endif
#ifndef OPENSSL_NO_EC
pmd[SSL_PKEY_ECC] = EVP_sha1();
#endif
}
int tls1_set_server_sigalgs(SSL *s) int tls1_set_server_sigalgs(SSL *s)
{ {
@ -2679,7 +2693,7 @@ int tls1_set_server_sigalgs(SSL *s)
s->cert->shared_sigalgslen = 0; s->cert->shared_sigalgslen = 0;
/* Clear certificate digests and validity flags */ /* Clear certificate digests and validity flags */
for (i = 0; i < SSL_PKEY_NUM; i++) { for (i = 0; i < SSL_PKEY_NUM; i++) {
s->cert->pkeys[i].digest = NULL; s->s3->tmp.md[i] = NULL;
s->cert->pkeys[i].valid_flags = 0; s->cert->pkeys[i].valid_flags = 0;
} }
@ -2697,8 +2711,9 @@ int tls1_set_server_sigalgs(SSL *s)
al = SSL_AD_ILLEGAL_PARAMETER; al = SSL_AD_ILLEGAL_PARAMETER;
goto err; goto err;
} }
} else } else {
ssl_cert_set_default_md(s->cert); ssl_set_default_md(s);
}
return 1; return 1;
err: err:
ssl3_send_alert(s, SSL3_AL_FATAL, al); ssl3_send_alert(s, SSL3_AL_FATAL, al);
@ -3434,6 +3449,7 @@ int tls1_process_sigalgs(SSL *s)
int idx; int idx;
size_t i; size_t i;
const EVP_MD *md; const EVP_MD *md;
const EVP_MD **pmd = s->s3->tmp.md;
CERT *c = s->cert; CERT *c = s->cert;
TLS_SIGALGS *sigptr; TLS_SIGALGS *sigptr;
if (!tls1_set_shared_sigalgs(s)) if (!tls1_set_shared_sigalgs(s))
@ -3453,12 +3469,12 @@ int tls1_process_sigalgs(SSL *s)
if (sigs) { if (sigs) {
idx = tls12_get_pkey_idx(sigs[1]); idx = tls12_get_pkey_idx(sigs[1]);
md = tls12_get_hash(sigs[0]); md = tls12_get_hash(sigs[0]);
c->pkeys[idx].digest = md; pmd[idx] = md;
c->pkeys[idx].valid_flags = CERT_PKEY_EXPLICIT_SIGN; c->pkeys[idx].valid_flags = CERT_PKEY_EXPLICIT_SIGN;
if (idx == SSL_PKEY_RSA_SIGN) { if (idx == SSL_PKEY_RSA_SIGN) {
c->pkeys[SSL_PKEY_RSA_ENC].valid_flags = c->pkeys[SSL_PKEY_RSA_ENC].valid_flags =
CERT_PKEY_EXPLICIT_SIGN; CERT_PKEY_EXPLICIT_SIGN;
c->pkeys[SSL_PKEY_RSA_ENC].digest = md; pmd[SSL_PKEY_RSA_ENC] = md;
} }
} }
} }
@ -3467,14 +3483,14 @@ int tls1_process_sigalgs(SSL *s)
for (i = 0, sigptr = c->shared_sigalgs; for (i = 0, sigptr = c->shared_sigalgs;
i < c->shared_sigalgslen; i++, sigptr++) { i < c->shared_sigalgslen; i++, sigptr++) {
idx = tls12_get_pkey_idx(sigptr->rsign); idx = tls12_get_pkey_idx(sigptr->rsign);
if (idx > 0 && c->pkeys[idx].digest == NULL) { if (idx > 0 && pmd[idx] == NULL) {
md = tls12_get_hash(sigptr->rhash); md = tls12_get_hash(sigptr->rhash);
c->pkeys[idx].digest = md; pmd[idx] = md;
c->pkeys[idx].valid_flags = CERT_PKEY_EXPLICIT_SIGN; c->pkeys[idx].valid_flags = CERT_PKEY_EXPLICIT_SIGN;
if (idx == SSL_PKEY_RSA_SIGN) { if (idx == SSL_PKEY_RSA_SIGN) {
c->pkeys[SSL_PKEY_RSA_ENC].valid_flags = c->pkeys[SSL_PKEY_RSA_ENC].valid_flags =
CERT_PKEY_EXPLICIT_SIGN; CERT_PKEY_EXPLICIT_SIGN;
c->pkeys[SSL_PKEY_RSA_ENC].digest = md; pmd[SSL_PKEY_RSA_ENC] = md;
} }
} }
@ -3489,18 +3505,18 @@ int tls1_process_sigalgs(SSL *s)
* supported it stays as NULL. * supported it stays as NULL.
*/ */
# ifndef OPENSSL_NO_DSA # ifndef OPENSSL_NO_DSA
if (!c->pkeys[SSL_PKEY_DSA_SIGN].digest) if (pmd[SSL_PKEY_DSA_SIGN] == NULL)
c->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_sha1(); pmd[SSL_PKEY_DSA_SIGN] = EVP_sha1();
# endif # endif
# ifndef OPENSSL_NO_RSA # ifndef OPENSSL_NO_RSA
if (!c->pkeys[SSL_PKEY_RSA_SIGN].digest) { if (pmd[SSL_PKEY_RSA_SIGN] == NULL) {
c->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1(); pmd[SSL_PKEY_RSA_SIGN] = EVP_sha1();
c->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1(); pmd[SSL_PKEY_RSA_ENC] = EVP_sha1();
} }
# endif # endif
# ifndef OPENSSL_NO_EC # ifndef OPENSSL_NO_EC
if (!c->pkeys[SSL_PKEY_ECC].digest) if (pmd[SSL_PKEY_ECC] == NULL)
c->pkeys[SSL_PKEY_ECC].digest = EVP_sha1(); pmd[SSL_PKEY_ECC] = EVP_sha1();
# endif # endif
} }
return 1; return 1;
@ -4086,7 +4102,7 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
if (TLS1_get_version(s) >= TLS1_2_VERSION) { if (TLS1_get_version(s) >= TLS1_2_VERSION) {
if (cpk->valid_flags & CERT_PKEY_EXPLICIT_SIGN) if (cpk->valid_flags & CERT_PKEY_EXPLICIT_SIGN)
rv |= CERT_PKEY_EXPLICIT_SIGN | CERT_PKEY_SIGN; rv |= CERT_PKEY_EXPLICIT_SIGN | CERT_PKEY_SIGN;
else if (cpk->digest) else if (s->s3->tmp.md[idx] != NULL)
rv |= CERT_PKEY_SIGN; rv |= CERT_PKEY_SIGN;
} else } else
rv |= CERT_PKEY_SIGN | CERT_PKEY_EXPLICIT_SIGN; rv |= CERT_PKEY_SIGN | CERT_PKEY_EXPLICIT_SIGN;